Encryption printed circuit board

ABSTRACT

An encryption printed circuit board (PCB) for use as an add on board to a host computer includes address registers, read/write controller, and data information transceiver adapted for connection to the host computer. The addresses registers are connected to a memory decode, auto-start PROM, I/O decoder and register select. The memory decoder is connected to the autostar, PROM and the I/O decoder is connected to the register select. A bus logic circuit is connected to the read/write controller, and outputs read/write signals to the data information transceiver and register select. The data information transceiver is connected to the autostart PROM and to a plurality of data registers for receiving instructions from the auto-start PROM and inputting or receiving information from the data registers pursuant to instruction of the auto-start PROM program, and selection of the appropriate registers by the register select. A cipher processor, microprocessor, low address latch and memory, program, and buffer are connected to the data registers. The microprocessor is connected to a card reader through a card reader interface, and to an upper address decoder and the memory, program, buffer. Upon receipt of a load key instruction from the PC the microprocessor loads the key and a block of information from the input register into the cipher processor for either encryption or decryption and the processed block of information into the information output register for output to the PC upon receipt of a write instruction.

.Iadd.This application is a continuation of U.S. application Ser. No.07/837,594, filed Feb. 20, 1992, now abandoned, which was a continuationof U.S. application Ser. No. 07/539,927, filed Jun. 18, 1990 nowabandoned, which was a Reissue of U.S. application Ser. No. 07/001,206now U.S. Pat. No. 4,797,928..Iaddend.

BACKGROUND OF THE INVENTION

This invention relates to cryptographic devices and more particularly toan encryption printed circuit board.

Various system have been developed in the prior art for encipheringdigital information to improve the security and privacy of data withindata processing systems, during transmission over telecommunicationsnetworks, and during storage on media such as magnetic tape and disk.Examples of such cipher systems may be found in U.S. Pat. Nos. 3,798,359and 3,958,081.

In known cipher systems the bits of the information to be enciphered arerearranged or replaced by substitute bits under control of a secretcipher key. To decipher the enciphered operation the substitution isreversed. Enciphering methods have been combined to provide secureciphers. For example, the bits have been transposed prior tosubstitution, groups of bits have been substituted, combining usingexclusive OR, and these techniques have been altered several timesduring the enciphering and deciphering process. Such cipher systems arepractically unbreakable without testing all possible keys and the keycan be made large enough to make such testing prohibitively timeconsuming.

Thus, for piracy to be profitable access to the key is necessary.Various systems have been devised to keep the key from being accessedthrough the computer. Such systems have included separating theenciphering system from the computer wherein the computer calls forinformation and gets the results only.

The essential difference between the known prior art devices and thepresent invention is the provision of an encryption printed circuitwhich is an IBM half-sized printed circuit board with complete interfaceto a card reader. The technique used by the encryption printed circuitis known as the National Bureau of Standards Data Encryption Standard(DES) whose DES function is provided by a low cost, high performanceintegrated circuit having a microprocessor which automatically handlesmany of the DES functions. The use of the microprocessor unburdens thehost system which provides greater transfer speed of information andincreased security of the information.

SUMMARY OF THE INVENTION

Accordingly, it is an object of this invention to provide a secure andversatile encryption device.

Another object of the invention is to provide an encryption deviceemploying an internationally known method for making secure corporatedata bases, information stored on tape, floppy diskettes, and datacommunications.

Still another object of the invention is to provide a low cost, highperformance encryption device capable of performing automatically manyof the National Bureau of Standards Data Encryption Standard (DES)functions.

Yet another object of the invention is to provide an encryption devicecapable of preventing the linking together of different files instorage.

Still yet another object of the invention is to provide an encryptiondevice usable to secure files on hard disk or floppy diskette as well asto protect data bases, information being transmitted to another site,and dial-up access.

Briefly stated the encryption device constituting the subject matter ofthis invention includes a printed circuit board having a computerconnected to a ciphering processor. The ciphering processor encrypts anddecrypts data using the National Bureau of Standards encryptionalgorithm. The printed circuit board is connected to a host computer forreceiving blocks of clear or encrypted data and commands forautomatically starting the ciphering process. The encryption PC boardscrambles the information by means of a key. The key is read into the PCboard from a card reader whenever data is to be encrypted or decrypted,the data decrypted or encrypted as directed, and returned to the hostprocessor. Thus, the host computer never sees the key that was used. Asecondary key is used to prevent file linking together different filesin storage. As the host computer never "sees" the keys, the keys cannotbe found in the memory of the host computer.

BRIEF DESCRIPTION OF THE DRAWINGS

Other objects and features of the invention will become readily apparentfrom the following detailed description when read in conjunction withthe drawings in which:

FIG. 1 constitutes a schematic diagram in block form of the encryptedprinted circuit board of the present invention.

FIGS. 2a-2d show in greater detail a slightly modified schematic diagramin block form of the encryption printed circuit board.

FIG. 3 is a flowchart for the operation of the encryption printedcircuit board.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The encryption printed circuit board 10 (FIGS. 1 and 2a-2d) includes aprinted circuit board with complete interface to a card reader. Theboard is provided with a special software driver, and includes anauto-start PROM command. A simple driver installation is performed oncefor each system configuration. From that point on, encrypting ordecrypting is performed by file. All programs are menu driven for easeof use. A drive letter may be specified or a new drive may be created inthe random access memory (RAM); this gives greater flexibility to thesystem.

The encryption printed circuit board (PCB) can encrypt in either abinary code or in ASCII.

Binary encryption utilities the conventional eight bit cipher feedbackmethod designated by the National Bureau of Standards Data EncryptionStandard (DES) used in most encrypters. It takes all clear data(unencrypted) and turns it into a stream of random characters, any oneof which can be of any value between OO and FF (256 possiblecombinations). All data is crypted, including control characters thatmay be used for MODEM and equipment control.

ASCII encryption is an implementation of cipher feedback called "SafeTalk". Safe Talk works by encrypting on "printable characters" andpasses control characters through without encryption. Printed charactersare in the 20 to 7E hexadecimal range. All "handshake", control andcommand characters are left untouched. "Safe Talk" mode of operationallows encryption to be used in places where conventional encryption isnot suitable.

The encryption PCB is capable of a two mode operation. The first mode isa security mode used to secure the flies on hard disk or floppydiskette. In this mode, individual files or entire diskettes areencrypted. The second mode of operation is an access or communicationssecurity device. This mode is used to protect data bases and informationbeing transmitted to another site, and to prevent dial-up access. Thisprotect mode requires only that all the communications be routed throughthe encryption PCB; the result is that all communications between hostlook like random data and cannot be understood.

The host computer may be, for example, an IBM Personal Computer whichconsists of the system unit, the keyboard, a display, and printer. Thesystem unit contains a 16-bit microprocessor, read-only memory (ROM),random access memory (RAM), power supply, speaker, and five expansionslots to allow easy expansion of the system. The system unit houses twofloppy diskette drives attached thereto by a diskette adapter located inone of the five system-bus slots. The encryption PCB of the presentinvention is an adapter card located in one of the five system-busslots. It is compatible with the IBM PC.

The encryption printed circuit board, hereinafter referred to as the PCB(FIG. 1) includes a plurality of address buffers 12, a read and writecontrol 14 and a data buffer 16 connected to the IBM PC.

The address buffers 12 are connected to bus 18. Bus 18 interconnects theaddress data of the address buffers to a memory decode 20, an auto-startprogrammable read only memory (PROM) 22, an I/O address decoder 24, andregister selector 26. The memory decoder 20 is connected to theauto-start program PROM for initialization and the I/O decoder 24 isconnected to the register select for initialization of the registerselect.

The read, write controller 14 is connected by bus 28 to bus controllogic. The bus logic outputs read, write control signals to the databuffer 16 and to the register selector 26. The data buffer 16 isconnected to bus 32. Bus 32 interconnects the data buffer 16, aplurality of data registers 34, and the auto-start program PROM 22.

The data registers 34 are connected to a bus 36. The bus 36interconnects the data registers 34, cipher processor 38 (which includesa master and secondary key port and a data port), a microprocessor 40,low address latch 42, and memory, program and buffer 44.

The data registers 34 are also connected by a lead 46 to a flag logiccircuit 48 whose output is connected by lead 50 to the microprocessor40.

A key card interface 52 is connected by bus 54 to information inputterminals of the microprocessor 40. A key card reader 56 which is, forexample, an EEPROM is connected to the key card interface 52. Theinterface provides the key and secondary key to the microprocessor forthe cipher processor.

The microprocessor 40 output terminals are connected to an upper addressbus 58. The upper address bus 58 connects the microprocessor to anaddress decoder 60 and to the memory and program and buffer 44. Theupper and lower addresses operate in the memory, program and buffer 44to output the processed data to the information data register of dataregisters 34.

Referring now to FIGS. 2a-2d, a more detailed description of a slightlymodified encryption PCB is given. The address buffers 12 and read, writecontrol 14 includes a plurality of address buffer memories 70, 72, and74 having connectors for connection to the address I/O bus of the hostcomputer and a transceiver 16 having connectors for connection to thedata memory bus of the host computer for reading clear or encryptedinformation from the PC for encryption or decryption and writinginformation into the PC.

The address buffer 70 has eight (AO-A7) data output terminals connectedto bus 18 and to eight terminals of an auto-start PROM 22 (FIG. 2b).Address buffer 72 (FIG. 2a) has eight (A8-A15) data output terminalsconnected to bus 18 of which four (A8-A11) are also connected to theauto-start PROM 22 (FIG. 2b). While, the address bus 74 (FIG. 2a) hasfour data output terminals (A16-A19) connected to bus 18 and four outputterminals (A20-A23) connected to the integrated field logic device 30(FIG. 2b). Bus 18 is connected in turn to I/O bit magnitude comparator76, memory bit magnitude comparator 78, and to a read/write decoder 80(FIG. 2c). The I/O bit magnitude comparator 76 is connected to a dipswitch 29 which allows the address of a block of eight port addresses tobe moved in the address space by setting a new value in the bank of dipswitches.

The twenty terminals (A0-A19) of the address buffers 70, 72, and 74 areoutput-only signals that are used to address the system-bus attachedmemory and I/O. These 20 signals are driven by the PC during system-buscycles for memory and I/O read and write. With 20 address lines, it ispossible to address one megabyte of system memory.

The PC through the use of the IN and OUT instructions, can address up to64K L/O port addresses. The port addresses are also carried on theaddress bus on lines A0 through A15. Lines A16 through A19 are not usedand are held inactive during I/O port bus cycles. However, on the PConly address lines A0 through A9 are used for addressing I/O ports. Inaddition, only I/O port addresses in the range 0200 HEX to 03FF HEX arevalid on the system bus, generally. The terminals (A20 through A23)receive the memory read, I/O read, I/O write, and AEN control signals.The PCB address registers are compatible with the PC bus.

The AEN terminal A20 (FIG. 2a) is connected by lead 82 to the Enableterminals of the bit magnitude comparators 76 and 78 (FIG. 2b).

The memory read address output data terminal, the I/O read and I/O writeterminals are connected, respectively, to leads 84, 86, and 88 (FIGS. 2aand 2b). The memory read lead 84 and I/O read lead 86 are connected toAND gate 90, (FIG. 2b) and the I/O read and I/O write leads 86 and 88are connected to the junction of a normally high output AND gate 92 andto the decoder 80 (FIG. 2c). The output of AND gate 90 (FIG. 2b) isconnected by lead 92 to the enable terminal of transceiver 16 (FIG. 1a).

The output of AND gate 92 (FIG. 2b) is connected to an input terminal ofan OR gate 94. A second input of OR gate 94 is connected by lead 96 tothe junction of clock terminals of the bit magnitude comparator 76 andthe decoder 80 (FIG. 2c). The signal on terminal 19 of the decoder 80 isinverted by an inverter 98 and applied to the enable terminal of thedecoder 80.

The output of OR gate 94 (FIG. 2b) is connected to a first input of ANDgate 100. The second input terminal of AND gate 100 is connected to thejunction of an enable output terminal of PROM 22 and the output of an ORgate 102. OR gate 102 has a first input terminal connected to clockterminal of the memory bit magnitude comparator 78 and a second inputterminal connected to the memory read lead 84. The output of AND gate100 is connected by lead 104 to a second clock terminal of transceiver16 (FIG. 1a) for reading data information in and writing it out of theencryption PCB,

The transceiver 16 data leads (D0-D7) are connected to bus 32. Theseeight lines axe bidirectional data lines used to transmit data betweenthe PC, memory and I/O, and I/O ports. During PC initiated write buscycles, data ate presented on the bus 32 for writing into memory or I/Oports, Data axe valid slightly before the back ming edge of the I/OW orMR control signals. The rising edges of these signal are usually used toclock the data on the data bus into memory or I/O port registers. DuringPC initiated read bus cycles, the addressed memory or I/O port registermust place their data on the data bus before the rising edge of the I/Oor MR control signals. During direct-memory access cycles, the data busis used to transfer data directly between an I/O port and memory.

Bus 32 is also connected to corresponding data terminal of theauto-start PROM 22 (FIG. 2b) and plurality of registers 34 includingregisters 106, 108 and 110 (FIG. 2c). Register 106 has its enableterminal connected by lead 112 to the I/OR terminal of decoder 80 andwhen enabled stores the information input from the PC for processor inthe cipher processor controlled by the microprocessor. Register 108 hasits enable terminal connected by lead 114 to the I/OW terminal ofdecoder 80, and stores command status signals from the PC. While, theregister 110 has its enable terminal connected by lead 116 to the outputenable terminal of a microprocessor 40 for receiving the processedinformation, all as follows. A suitable microprocessor is a TMS 7001microprocessor.

The registers 106, 108, and 110 have terminals (0-7) connected to bus118. Bus 118 is also connected to terminals of a transceiver 120 (FIG.2d), to the cipher text terminals (SP0-SP7), and master key terminals(AUX-0-AUX7) of a ciphering processor 38 and to the data outputterminals of a PROM 44. A suitable cipher processor is a Zilog Z8086manufactured by Zilog, Inc.

The master port terminals (MP0-MF7) of the ciphering processor 38 areconnected to bus 122 and to the address (A0-A7) terminal of themicroprocessor 40. The bus 122 is also connected to the lower addresslatch 42, transceiver 120, and key card interface latch 52 (FIG. 2c).The key card interface latch is connected by bus 124 to card reader 56.A suitable card reader is an XR244 (EEPROM).

The transceiver 120 (FIG. 2d) has its terminals connected between bus118 and bus 122. Its enable terminal Pin 1 is connected by lead 124 tothe enable terminal of microprocessor 40, and its other enable terminal126 connected to the junction of the MR/W terminal of the cipheringprocessor 38 and microprocessor 40.

The microprocessor address terminals (A0-A7) are also connected by lead128 to corresponding address terminals of a storage RAM 130 for storingprocessed information. Storage RAM 130 has its data output terminals(D0-D7) connected by lead 132 to the corresponding data terminals of themicroprocessor 40.

The microprocessor 40, also has upper address terminals (PINS 22-14 and26, 27) and an enable terminal (PIN 39) connected to the enableterminals of PROM 44. Also, output enable terminals are connected byleads 134 and 136 to output enable terminals of a chip selector 138.

ALE, CK, and RES terminals complete the active terminals of themicroprocessor 40. The ALE (address latch enable) terminal is connectedby lead 140 to the junction of the latch 42 and to an inverter 142connected to the master port address strobe (MAS) of the cipheringprocessor 38. Latch 42 is for multiplexing the lower address from thedata. ALE is an output-only signal driven by the microprocessor. It isused to indicate that the address bus is now valid for the beginning ofa bus cycle. This signal goes "active high" just prior to the addressbus being valid and goes inactive just after the address bus is valid.This signal latches the address information from the local address/databus. The microprocessor clock terminal is connected by lead 144 throughan inverter 146 to the clock terminal of the ciphering processor 38.While the RES (reset) terminal is connected by lead 148 to the resetoutput of the PC.

Selected port addresses received on registers 70, 72, and 74 (FIG. 2a)are addressed by the PROM 22 (FIG. 2b) and input to the bit magnitudecomparators 76 and 78. The PROM is for decoding port addresses widelydifferent on the card. Thus, the PROM 22 generates the decode outputs,The address input signal to a PROM decode is a unique output bit patternthat is written into the PROM at manufacture. The output of the PROM isto the memory transceiver and registers 106, 108, and 110.

The bit magnitude comparators 76 and 80 allow the address of a block ofport addresses to be moved in the address space by setting a new valuein a bank of dip switches. On one side of the compare circuit 28, theaddress bits and bus signal AEN are attached. On the other side, theoutput of the dip switches is attached. When the value set in the dipswitches equals the value on the address bus, the compare equal outputis activated and can be used as the group select control signal. Thegroup select signal is connected to the junction of the MR/W portion ofthe integrated field logic and decoder 80. In the integrated field logicthe group select signal of bit magnitude comparator 78 is ORed and ANDedwith the group output signal of the memory bit comparator and input tothe transceiver 16.

In operation the microprocessor 40 pursuant to a load key (master orsecondary or both) instruction from the PC cycles through a memory-readbus cycle, memory write bus cycle, I/O port read bus cycle and I/O writebus cycle.

The I/O port read bus cycle is initiated each time an IN instruction isexecuted. It fetches data from one of the I/O port addresses in the I/Oport address space. The ALE bus signal is activated indicating thataddress bus bits contain a valid I/O port address. Next, the I/OR buscontrol signal is activated indicating both that the bus cycle is an I/Oport read cycle and that the addressed port should respond by drivingthe data bus with its contents. Then the PC samples the data on the databus an I/OR bus signal is deactivated.

The memory-read bus cycle is then begun to fetch instructions and datafor the microprocessor memory. At the beginning the ALE signal goesactive. The back edge of this signal indicates that the address buscontains a valid memory address. Next, the MR bus signal is activated.This indicates to the devices attached to the bus that the cycle is amemory-read cycle, and all devices addressed should drive the data buswith its contents through the ciphering processor for either encryptionor decryption as selected. Then, the microprocessor captures the datafrom the data bus.

Next, an I/O port write bus cycle is initiated pursuant to an OUTinstruction to write data to a specific I/O port address in the I/Oaddress space of the microprocessor. The ALE bus signal is activated andindicates that the address bus contains a valid port address. Next, thebus control signal I/OW is activated to indicate that the bus cycle isan I/O port write cycle and that the selected port address should takedata from the data bus. Then the microprocessor drives the data bus withthe data for the port address. Then the I/OW bus control signal isdeactivated.

Finally, a memory-write bus cycle is initiated by an instruction towrite data to a memory location. The microprocessor and its bus buffersdrive an address onto the system bus, indicating the address of thememory location that should accept the data. In addition themicroprocessor drives the data bus with the data that is to be writtenin the selected memory location. As with the other bus cycles, the ALEbus signal is activated to indicate that the address bus contains avalid memory address. Next, the MW bus signal is activated indicatingthat the bus cycle is a memory-write cycle. Then the microprocessordrives the system data bus with either the encrypted or the decrypteddata that are to be written into the selected memory location and the MWbus signal is deactivated.

The encrypted printed circuit board operation is now described withreference to a flowchart (FIG. 3). At start 200 an instruction 202 isissued to initialize the system. Then the PC issues a command to loadencryption key, and a decision 206 is made whether the key is proper. Ifnot a proper key, an instruction 208 is issued to notify the PC andreturn is made to instruction 204; else an instruction 210 is issued toload the first block of data. Next, a decision 212 is made whether theblock of data is to be encrypted; if not an instruction 214 is issued toactivate the ciphering processor to decrypt the block of data. Duringdescription a decision 218 is made whether the data ciphering processoris indicating an error, if true, return is made to instruction 208 andan instruction is issued to notify the PC and return to instruction 204.If decision 216 is that no error is being indicated, a decision 218 ismade whether the first block of data for decryption has been completed,and whether any additional blocks of data remain for decryption. Ifdecision 218 is yes, return is made to instruction 214; else, aninstruction 220 is issued to the PC to read the decrypted data intomemory and exit.

Otherwise, if decision 212 is true, an instruction 222 is issued toactivate the ciphering processor to encrypt the block of data. Next, adecision 224 is made whether the data ciphering processor is indicatingan error; if yes an instruction 226 is issued to notify the PC andreturn is made to instruction 204; else a decision 228 is made whetherencryption of the block of data is complete and whether any more blocksof data are to be encrypted. If decision 228 is that the first block ofdata has been encrypted but additional blocks are to be encrypted returnis made to instruction 222 to encrypt the additional blocks; else aninstruction 230 is issued to notify PC that the data has been encryptedand exit made.

Although only a single embodiment of the invention has been described,it will be apparent to a person skilled in the art that variousmodifications to the details of construction shown and described may bemade without departing from the scope of this invention.

What is claimed is:
 1. An encryption/decryption apparatus for a hostcomputer having expansion slots for an expander board comprising:anexpander board for connection to a host computer's expansion slot, saidexpander board including: an address storage means, a control read/writemeans, and a data storage means for operative connection to a hostcomputer, the address means for storing addresses for a block of datareceived from the host computer for ciphering and the read/write controlmeans for receiving ciphering operational commands from the hostcomputer including memory read. I/O read, I/O write, and enable controlsignals; an auto-start means connected to the address storage means,control read/write means, and data storage means for coordinating thedata addresses of the host computer with addresses for the expanderboard; a register selector means connected to the auto-start memorymeans and to the control read/write means for outputting registerselector signals; a register means including a data input registerconnected to the control read/write means and data storage means andresponsive to an I/O read enabling signal for storing the hostcomputer's data for ciphering, a read/write command status registerconnected to the control read/write means and responsive to an I/O writesignal for storing the host computer's command status signals, and adata output register connected to a microprocessor's enable terminal anddata storage means and responsive to an enable signal for receivingciphered data; a cipher processor connected to the register means forreceiving data for encryption or decryption selectively; amicroprocessor connected to the register means and to the cipherprocessor, the microprocessor including an instruction means, and aninstruction execution means for cycling through an I/O port read buscycle, a memory-read bus cycle; a data storage means connected to thecipher processor and to the microprocessor for storing the ciphered dataoutput of the cipher processor; and a key card interface means connectedto the microprocessor, the key card interface means for connection to akey card reader for obtaining key information for the cipher processor;whereby the microprocessor upon command of the host processor fetcheskey information from the key card interface means for userauthentication and cipher processor code selection and responsive to anauthentication signal cycling through an I/O port read bus cycle eachtime an IN instruction is executed, a memory-read bus cycle for fetchinginstructions and data for ciphering by the cipher processor, and I/Oport write bus cycle each time an OUT instruction is executed forwriting data to a specific I/O port address in the I/O address space ofthe microprocessor storage means, and a memory-write bus cycle each timean instruction is executed to write data to a valid memory location. 2.An encryption/decryption apparatus according to clam 1 wherein thecontrol read/write is a logic circuit means for producing read/writesignals for the data storage means and read/write terminals of themicroprocessor.
 3. An encryption/decryption apparatus according to claim1 wherein the address storage means and data storage means including,respectively, a plurality of address buffers for storing the hostcomputer's addresses for the host computer data to be ciphered andreturned, and a data buffer for storing the data to be ciphered and theciphered data for return to the host computer.
 4. Anencryption/decryption apparatus according to claim 1 wherein the keycard interface means includes an EEPROM key card reader.
 5. Anencryption/decryption apparatus according to claim 4 wherein the keycard reader further includes secondary key information for the cipherprocessor for preventing the linkage of files together in storage.
 6. Anencryption/decryption apparatus according to claim 1 wherein the I/Oport read bus cycle of the microprocessor instruction means andinstruction execution means includes means responsive to an INinstruction for issuing an instruction to fetch data from I/O portaddresses in one of the plurality of address registers, means fordetermining whether the address bus bits contain a valid I/O portaddress, means for activating the I/O read bus control for indicatingboth that the bus cycle is an I/O port read cycle and that the addressedport should respond by driving the data bus with its contents, meansconnected to the host computer for sampling the data on the data bus,and means for deactivating the I/O read bus signal.
 7. Anencryption/decryption apparatus according to claim 1 wherein thememory-read bus cycle of the microprocessor instruction means includesmeans for determining that the address bus contains a valid memoryaddress, means for activating the memory-read bus signal for indicatingto the devices attached to the bus that the cycle is a memory-readcycle, said devices responsive to the memory-read cycle indicatingsignal for driving the data bus with its contents though the cipherprocessor selectively for encryption and decryption, and means enablingthe microprocessor to capture the data from the data bus.
 8. Anencryption/decryption apparatus according to claim 1 wherein the I/Oport write bus cycle of the microprocessor instruction means includesmeans responsive to an OUT instruction to write data to a specific I/Oport address in the I/O address space of the microprocessor, means forindicating that the addresses bus contains a valid port address, meansfor activating the bus control signal I/O write to indicate that the buscycle is an I/O port write cycle and means directing the selected portaddress to take data from the data bus, means instructing themicroprocessor to drive the data bus with the data for the port address,and means for de-activation the I/O write bus control signal.
 9. Anencryption/decryption apparatus according to claim 1 wherein thememory-write bus cycle of the microprocessor instruction means includesmeans responsive to an instruction to write data to a memory locationfor activating the microprocessor and its bus buffers for driving anaddress onto the host computer's system bus, means for indicating theaddress of the memory location that should accept the data, meansenabling the microprocessor to drive the data bus with the data that isto be written in the selected memory location, means indicating that theaddress bus contains a valid memory address, means for activating thememory write bus signal, and means for driving the host processor'ssystem bus with the ciphered data for storage in the selected memorylocation and means for deactivating the memory-write signal. .Iadd. 10.An encryption/decryption apparatus for a computer, said apparatuscomprising:an address storage means, a read/write control means, theaddress storage means for storing addresses for a block of data receivedfor the computer for ciphering and the read/write control means forreceiving ciphering operational commands and control signals from thecomputer; co-ordinating means connected to the address storage means,and control read/write means, for coordinating the data addresses of thecomputer with addresses for the apparatus; a register selector meansconnected to the co-ordinating means and to the read/write control meansfor outputting register selector signals; a register means connected tothe read/write control means and responsive to a control signal forstoring the computer's data for ciphering, and a data output registerconnected to a microprocessor and responsive to an enable signal forreceiving ciphered data; a cipher processor connected to the registermeans for receiving data for encryption or decryption selectively; themicroprocessor being connected to the register means and to the cipherprocessor; a data storage means connected to the cipher processor and tothe microprocessor for storing the ciphered data output of the cipherprocessor; and a key card interface means connected to themicroprocessor, the key card interface means for connection to a keycard reader for obtaining key information for the cipherprocessor;whereby the microprocessor upon command of the computerfetches key information from the key card interface means for userauthentication and cipher processor code selection..Iaddend..Iadd. 11.The apparatus of claim 10 wherein said apparatus further comprises anexpander boarder for the expansion slot of a computer..Iaddend..Iadd.12. The apparatus of claim 10 wherein said co-ordinating means is anauto-start means..Iaddend..Iadd.13. The apparatus of claim 10 whereinthe read/write control is a logic circuit means for producing read/writesignals for the data storage means and read/write terminals of themicroprocessor..Iaddend..Iadd.14. The apparatus according to claim 10wherein the address storage means and data storage means include,respectively, a plurality of address buffers for storing the computer'saddresses for the data to be ciphered and returned, and a data bufferfor storing the data to be ciphered and the ciphered data for return tothe computer..Iaddend..Iadd.15. The apparatus of claim 10 wherein thekey card interface means includes an EEPROM key cardreader..Iaddend..Iadd.16. The apparatus of claim 10 further comprising amemory-write bus cycle of the microprocessor including means responsiveto an instruction to write data to a memory location for activating themicroprocessor and its bus buffers for driving an address onto thecomputer's system bus, means for indicating the address of the memorylocation that should accept the data, means enabling the microprocessorto drive the data bus with the data that is to be written in theselected memory location, means indicating that the address bus containsa valid memory address, means for activating the memory write bussignal, and means for driving the computer's system bus with theciphered data for storage in the selected memory location and means fordeactivating the memory-write signal..Iaddend.